[soc2009/admin-ui] The Kaplan-Moss commandeth that thou shalt not allow any ol' anonymous user to make arbitrary queries. And so it was done.

git-svn-id: http://code.djangoproject.com/svn/django/branches/soc2009/admin-ui@11411 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-07-04 09:49:12 +00:00 · 2009-08-07 21:26:27 +00:00 · 2009-08-07 21:26:27 +00:00 · f1c47d24b1
commit f1c47d24b1
parent 81e8b8bbd5
1 changed files with 3 additions and 1 deletions
--- a/django/contrib/admin/views/autocomplete.py
+++ b/django/contrib/admin/views/autocomplete.py
@ -4,6 +4,7 @@ from django.db.models.query import QuerySet
 from django.utils.encoding import smart_str
 from django.http import HttpResponse, HttpResponseNotFound
 from django.conf import settings
+from django.contrib.admin.views import staff_member_required
 
 def foreignkey_autocomplete(request, related_string_functions=None):
    """
@ -55,4 +56,5 @@ def foreignkey_autocomplete(request, related_string_functions=None):
            else:
                data = to_string_function(obj)
        return HttpResponse(data)
-    return HttpResponseNotFound()
+    return HttpResponseNotFound()
+foreignkey_autocomplete = staff_member_required(foreignkey_autocomplete)